"ESXi Host is Violating ISO" Alert Not Automatically Cancelled in Aria Operations
search cancel

"ESXi Host is Violating ISO" Alert Not Automatically Cancelled in Aria Operations

book

Article ID: 407089

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

When the ISO Compliance pack is enabled, an alert titled "ESXi Host is violating ISO" is triggered, even though all compliance rules are being followed.

The alert appears with the symptom:"Integrity - Firewall is not configured for NTP service."

Environment

Aria Operation 8.x

Cause

This issue is typically caused by the following factors:

  1. The ESXi host's firewall is configured to allow NTP (Network Time Protocol) traffic from all IP addresses, instead of specific IP addresses, as required for ISO compliance.

  2. The NTP Client IP address is updated directly on the ESXi host using the host client, rather than through the vCenter UI. Since Aria Operations collects configuration data through vCenter, any changes made directly on the host are not reflected in Aria Operations.

Resolution

Follow the steps below to resolve this issue:

  1. Log in to the relevant vCenter where the ESXi host is located.

  2. Navigate to the specific ESXi host > Configure > Firewall, and update the required NTP IP address via the vCenter UI.

Once these changes are made, the metric in Aria Operations will be updated, and the alert will be automatically cleared.

Powered by Wolken Software